CLAIMS 



1 1. A method for securely transmitting multicast data, comprising: 

2 encrypting at least one title T with at least title key K^; and 

3 encrypting tiie title key Kt witii at least one channel-unique key using 

4 at least one encryption fimction S to render a multicast data channel encrypted as 

5 SkJK,), Skt(T). 

1 2. The method of Claim 1, wherein the channel-unique key is the result 

2 of a combination of a channel key and a session key K^. 

1 3. The method of Claim 2, wherein the combination is a hash function of a 

2 concatenation of the channel key and session key K^. 

1 4. The method of Claim 2, wherein the session key is encrypted with at 

2 least a first encryption scheme B\ to render a session key block. 

1 5. The method of Claim 4, comprising providing at least one player with 

2 device keys to activate the player. 
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1 6. The method of Claim 5, comprising providing the player with the channel 

2 key K,. 

1 7. The method of Claim 6, wherein at least one of the providing acts is 

2 undertaken in a point-to-point communication. 

1 8. The method of Claim 6, wherein at least one of the providing acts is 

2 undertaken as part of a broadcast. 

1 9. The method of Claim 6, comprising providing the player with the session 

2 key block. 

1 10. The method of Claim 9, wherein the player can determine the session key 

2 Is from the session key block using the device keys Kj. 

1 11. The method of Claim 10, comprising periodically refreshing the channel 

2 key to enforce subscriptions. 

1 12. The method of Claim 10, comprising selectively updating the session key 

2 block. 
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1 13. The method of Claim 12, comprising updating the session key block by 

2 encrypting an updated session key with at least the encryption scheme B\^, 

1 1 4. The method of Claim 1 1 , wherein a new channel key K^' is encrypted with 

2 at least a second encryption scheme 3^2- 

1 15. The method of Claim 14, wherein the new channel key K,' is sent in a 

2 message that is split. 

1 16. The method of Claim 14, wherein the new channel key K,' is refreshed 

2 using plural messages. 

1 17. The method of Claim 14, wherein the encryption scheme B^^ includes: 

2 assigning each player in a group of players respective private information 

3 lu; 

4 partitioning players not in a revoked set R into disjoint subsets Sii,...S,jn 

5 having associated subset keys Lji,...Li^; md 

6 encrypting the session key Kg with the subset keys Uu-,Lim to render m 

7 encrypted versions of the session key Kg. 
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18. The method of Claim 17, wherein the encryption scheme further 
includes partitioning the players into groups Si,...,S„, wherein "w" is an integer, 
and the groups establish subtrees in a tree. 



1 19. The method of Claim 1 8, wherein the tree mcludes a root and plural nodes, 

2 each node having at least one associated label, and wherein each subset includes all leaves 

3 in a subtree rooted at some node Vj that are not in the subtree rooted at some other node 

4 Vj that descends from v,. 

1 20. The method of Claim 19, wherein the revoked set R defmes a spanning 

2 tree, and wherein the method includes: 

3 initializing a cover tree T as the spanning tree; 

4 iteratively removing nodes from the cover tree T and adding nodes to a 

5 cover until the cover tree T has at most one node. 

1 21. The method of Claim 19, wherein each node has at least one label possibly 

2 induced by at least one of its ancestors, and wherein each player is assigned labels from 

3 all nodes hanging from a direct path between the player and the root but not from nodes 

4 in the direct path. 
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1 22. The method of Clann 21, wherein labels are assigned to subsets using a 

2 pseudorandom sequence generator, and the act of decrypting includes evaluating the 

3 pseudorandom sequence generator. 

1 23. The method of Claim 1, wherein the data is streamed to players. 

1 24. A method for enforcing copy protection compliance and subscription 

2 comphance, comprising: 

3 providing players with respective device keys useful for enabling copy 

4 protection compliance; and 

5 providing players with at least one channel key K^. useful for enabUng 

6 subscription compliance, such that a player can decrypt content only if the player 

7 is both compliant with copy protection and the player is an active subscriber to a 

8 content channel. 

1 25. The method of Claim 24, wherein the content is streamed to players. 

1 26. The method of Claim 25, comprising: 

2 encrypting at least one title T with at least title key K^; and 
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3 encrypting the title key Kx with at least one channel-unique key K^^ using 

4 at least one encryption function S to render a multicast data channel encrypted as 

5 Skcu(Kt)> Srt^T). 

1 27. The method of Claim 26, wherein the channel-unique key is the result 

2 of a combination of the channel key £uid a session key K,. 

1 28. The method of Claim 27, wherein the combination is a hash function of a 

2 concatenation of the channel key and a session key K^. 

1 29. The method of Claim 27, wherein the session key K, is encrypted with at 

2 least a first encryption scheme B\i to render a session key block, 

1 30. The method of Claim 29, comprising providing at least one player with its 

2 respective device keys IC^ to activate the player. 

1 3 1 . The method of Claim 30, comprising providing the player with the channel 

2 key IC,, upon or in response to subscription. 

1 32. The method of Claim 30, wherein at least one of the providing acts is 

2 undertaken in a point-to-point communication. 
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1 33. The method of Claim 30, wherein at least one of the providing acts is 

2 undertaken as part of a broadcast. 

1 34. The method of Claim 30, comprising providing the player with the session 

2 key block. 

1 35. The method of Claim 34, wherein the player can determine the session key 

2 Kj, from the session key block usmg the device keys Kj. 

1 36. The method of Claim 35, comprising periodically refreshing the channel 

2 key to enforce subscriptions. 

1 37. The method of Claim 34, comprising selectively updating the session key 

2 block. 

1 38. The method of Claim 35, wherein the new channel key Ke' is refreshed by 

2 encrypting a new channel key K^,' with at least one encryption scheme. 
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1 39. The method of Claim 38, wherein the new channel key K^.' is sent in a 

2 message that is split. 

1 40. The method of Claim 38, wherein the new channel key is reifreshed using 

2 plural messages. 

1 41. A player for decrypting streamed content, comprising: 

2 at least one device key K^; 

3 means for decrypting a session key using the device key K^; 

4 means for decrypting a channel unique key using at least the session 

5 key K^; and 

6 means for deriving a title key Kj using at least the channel unique key K^^, 

7 the title key Kj being useful for decrypting content. 

1 42. The player of Claim 41, wherein the content is multicast to the player. 

1 43. The player of Claim 42, wherein the player includes means for receiving 

2 streamed content, and the content is streamed to the player. 

1 44. A computer program device, comprising: 



IBM Case No. ARC920010090US1 



2 a computer program storage device including a program of instructions 

3 usable by a computer, comprising: 

4 logic means for receiving private information 1^ upon registration with a 

5 content provider; 

6 logic meaas for subscribing to at least one content channel provided by the 

7 content provider; 

8 logic means for receiving at least one encrypted channel key K,. at least 

9 partially in response to subscribing to the channel; 

10 logic memis for deriving the channel key using the information !„; and 

11 logic means for using at least the channel key to decrypt content 

12 streamed over the channel 

1 45. The computer program device of Claim 44, further comprising: 

2 plural device keys K^; 

3 logic means for receiving at least one session key block; 

4 logic means for deriving at least one session key from the session key 

5 block using at least one device key K^. 

1 46. The computer program device of Claim 45, further comprising: 

2 logic means for using the session key and channel key to derive a 

3 chamiel unique key K^^; and 
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4 logic means for using the channel unique key K^^, to decrypt a title key Kt 

5 useful for decrypting the content. 

1 47. The method of Claim 14, wherein the new channel key K^' is sent in-band 

2 with the title T. 

1 48. The method of Claim 38, wherem the new channel key K^' is sent in-band 

2 with the title T. 
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